Add API endpoint for token associations

Valentine Mairet requested to merge vmairet-add-token-associations into master

What does this MR do and why?

I've added a new API endpoint to enumerate token associations. That is: groups and projects the authenticated user can access.

At Security Operations, we developed our own in-house tool, Token Scoper, to analyse token associations (group and project memberships) in order to speed up the response to exposed token incidents and assess impact more efficiently.

As part of our dogfooding efforts within the division, we want to integrate the Token Scoper within the product. This can be done by creating a new API endpoint that would return the same information the Token Scoper would for a given personal / project / group access token.

Related to: #466046 (closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.


How to set up and validate locally

  • Create a Personal Access Token
  • Run curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/personal_access_tokens/self/associations"
Edited by Valentine Mairet
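
An added example (not part of the merge request or GitLab's own code) of using the endpoint during exposed-token triage: it makes the same request as the curl step above and reduces the response to counts and non-public URLs for the incident ticket. The response field names (`groups`, `projects`, `id`, `web_url`, `visibility`), the `EXPOSED_TOKEN` and `GITLAB_URL` environment variables and the sample data are assumptions.

```python
import json
import os
import urllib.request

# Path taken from the MR's validation step.
ENDPOINT = "/api/v4/personal_access_tokens/self/associations"

# Constructed sample response. The field names ("groups", "projects", "id",
# "web_url", "visibility") are assumptions, not taken from the MR.
SAMPLE = {
    "groups": [
        {"id": 10, "web_url": "https://gitlab.example.com/groups/platform", "visibility": "private"},
    ],
    "projects": [
        {"id": 101, "web_url": "https://gitlab.example.com/platform/deploy", "visibility": "private"},
        {"id": 102, "web_url": "https://gitlab.example.com/platform/docs", "visibility": "public"},
    ],
}


def fetch_associations(base_url, token):
    """Query the endpoint with the exposed token, as the curl step does."""
    req = urllib.request.Request(base_url.rstrip("/") + ENDPOINT,
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def summarize(assoc):
    """Reduce the response to what an incident ticket needs."""
    summary = {}
    for kind in ("groups", "projects"):
        items = assoc.get(kind) or []
        # Non-public resources are the ones an unauthenticated party could not already see.
        non_public = sorted(i["web_url"] for i in items
                            if i.get("visibility") != "public")
        summary[kind] = {"total": len(items), "non_public": non_public}
    return summary


if __name__ == "__main__":
    token = os.environ.get("EXPOSED_TOKEN")  # kept out of argv and shell history
    base = os.environ.get("GITLAB_URL", "https://gitlab.example.com")
    data = fetch_associations(base, token) if token else SAMPLE
    print(json.dumps(summarize(data), indent=2))
```

Without `EXPOSED_TOKEN` set, the script summarizes the constructed sample, so it runs offline.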
